Title: Authorization Middleware for Software as a Service
Other Titles: Autorisatie-middleware voor Software as a Service
Authors: Decat, Maarten
Issue Date: 25-Jan-2016
Abstract: This thesis focuses on access control for Software-as-a-Service (SaaS) applications. Access control is the part of security that aims to constrain which users can access which data in an application by enforcing access rules. SaaS is a novel and promising type of application in which a customer organization rents access to an entire application hosted in the cloud for use through a web browser.
Because SaaS applications are typically designed to be used by multiple customer organizations at the same time, application-level access control is of great importance to them. However, SaaS applications also pose new and specific challenges for access control. For example, SaaS access control should enable the provider of the application to control which of its customers can access which parts of the application, and should enable these customers to control which of their employees can access which part of their data in the application. In addition, while this functionality by itself is non-trivial, SaaS access control is further complicated by the fact that every customer wants to express its access rules in terms of its own organizational structure, by the fact that SaaS applications are offered to a large number of customers, and by the fact that these customers do not necessarily trust the provider completely.
As such, the goal of this thesis is to design access control techniques for SaaS applications that are able to cope with these challenges. In addition, these techniques should impose low performance overhead on the application, should be easy to use and should be easy to integrate into a SaaS application.
In this regard, this thesis provides four distinct contributions: (i) a reusable middleware for efficient access control management of SaaS applications, (ii) the concept of federated authorization, which externalizes access control from a SaaS application, (iii) the technique of policy federation, which improves the performance of federated authorization, and (iv) a technique to enable access rules to be securely evaluated in parallel to support large numbers of requests per second.
For each of these contributions, we build upon the state-of-the-art technologies of policy-based access control, attribute-based access control and tree-structured policies. In addition, these contributions have been validated in four distinct case studies of realistic SaaS applications in the domains of automated document processing, automated workforce management and e-health. Finally, we have systematically evaluated these contributions in terms of performance and engineering overhead based on extensive prototypes.
Table of Contents: 1 Introduction
1.1 Access control and Software as a Service
1.1.1 Access control
1.1.2 Software as a Service
1.1.3 The need for security and access control in SaaS
1.2 Challenges for access control in SaaS
1.2.1 Functional challenges
1.2.2 Non-functional challenges
1.2.3 Additional concerns
1.3 Goals of this thesis
1.4 Research approach
1.4.1 Case studies
1.4.2 Supporting technologies
1.4.3 Research prototypes
1.5 Contributions
1.6 Outline

2 Background
2.1 Access control
2.2 Access control models
2.2.1 The basics: the access control matrix
2.2.2 Who can assign permissions
2.2.3 How permissions are assigned
2.2.4 Beyond permissions: executing operations with an access decision
2.3 Policy-based access control
2.3.1 Policy languages
2.3.2 The reference architecture for policy-based access control systems
2.4 Federated access control
2.4.1 Early techniques for federated access control: Kerberos and the Public Key Infrastructure
2.4.2 Access control in grid computing
2.4.3 Federated access control in web applications
2.5 Performance of policy-based access control
2.6 Positioning of our contributions
2.7 Conclusion

3 Amusa: access control in a multi-tenant context
3.1 Introduction
3.2 Problem statement
3.2.1 Industrial case studies
3.2.2 Problem illustration
3.2.3 Resulting requirements
3.3 The Amusa middleware
3.3.1 Enabling technologies
3.3.2 Amusa’s access control management
3.3.3 The middleware architecture of Amusa
3.3.4 How to integrate Amusa in an application
3.4 Evaluation
3.4.1 Security
3.4.2 Performance
3.4.3 Integration effort
3.5 Discussion
3.6 Related work
3.7 Conclusion

4 Federated authorization
4.1 Introduction
4.2 Motivation and problem illustration
4.2.1 Case study: a patient monitoring service
4.2.2 Resulting access control requirements
4.2.3 The need for federated authorization
4.3 Federated authorization
4.3.1 Key features for supporting federated authorization
4.3.2 Generic middleware architecture
4.3.3 Extensions to current policy languages
4.4 Performance evaluation
4.4.1 Test setup
4.4.2 Results
4.5 Discussion
4.5.1 Trust implications
4.5.2 Security implications
4.5.3 Privacy implications
4.5.4 Performance
4.6 Validation of federated authorization in a wider context
4.6.1 Case study: a collaborative care platform
4.6.2 Access control requirements
4.6.3 The role of federated authorization
4.7 Outlook
4.8 Conclusion

5 Efficient federated evaluation of access control policies
5.1 Introduction
5.2 Case study analysis: home patient monitoring
5.2.1 Summary of the case study
5.2.2 Access control policies from the case study
5.2.3 Problem statement and solution
5.3 Policy model
5.3.1 Structure of a policy tree
5.3.2 Evaluation of a policy tree
5.4 Policy federation algorithm
5.4.1 Overview
5.4.2 Step 1: Normalization
5.4.3 Step 2: Decomposition
5.4.4 Step 3: Combination
5.4.5 Discussion: policy equivalence
5.5 Performance evaluation
5.5.1 Middleware prototype
5.5.2 Test set-up
5.5.3 Results
5.6 Discussion
5.7 Related work
5.8 Conclusion

6 Concurrent evaluation of access control policies
6.1 Introduction
6.2 Problem elaboration
6.2.1 The need for concurrency and distribution
6.2.2 The need for concurrency control
6.2.3 The need for concurrency control at the level of policy evaluation
6.2.4 Requirements for concurrency control
6.3 Concurrency control
6.3.1 Modeling history-based policies in current policy languages
6.3.2 Tactics for concurrency control
6.3.3 Centralized coordinator
6.3.4 Distributed coordinator
6.3.5 Scaling out the attribute database
6.4 Evaluation
6.4.1 Prototype and test set-up
6.4.2 Latency overhead
6.4.3 The impact of conflicts
6.4.4 Scalability
6.5 Discussion
6.6 Conclusion

7 Conclusion
7.1 Contributions
7.2 Revisiting the challenges for SaaS access control
7.3 Future directions for policy-based access control
7.3.1 Investigating the semantical interface between policies and applications
7.3.2 Applying policies to database queries
7.3.3 Supporting tools and technologies
7.3.4 The link between authorization and audit
7.3.5 The complete picture: a view on policy-based access control
7.4 Concluding thoughts

Appendix A Example of an access control policy

Appendix B Extensions to XACML for federated authorization
B.1 Remote Policy Reference
B.2 Obligation targets

Appendix C Correctness of the policy transformations of Chapter 5
C.1 Combination algorithms
C.1.1 PermitOverrides
C.1.2 DenyOverrides
C.1.3 FirstApplicable
C.2 Truth tables of the policy transformations
C.2.1 Transformation T1
C.2.2 Transformation T2
C.2.3 Transformation T3
C.2.4 Transformation T4
C.2.5 Transformation T5
C.2.6 Transformation T6
C.2.7 Transformation T7
C.2.8 Transformation T8

Appendix D Overview of the developed prototypes

Publication status: published
KU Leuven publication type: TH
Appears in Collections: Informatics Section

Files in This Item:
File: phd-maarten-decat.pdf (Status: Published; Size: 5700 KB; Format: Adobe PDF)

